Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

NY AG Sues MonsterHut Over Marketing Spam 235

Ian Hill writes: "This BBC article tells how NY State Attorney Elliot Spitzer has sued marketing firm MonsterHut.com over "millions" of unsolicited e-mails. He claims MonsterHut.com falsely told its clients that e-mails sent on their behalf were sent to addresses who registered themselves as interested parties. Also at question is how exactly these addresses were collected." eviljim adds a link to a press release from New York's Attorney General and a reminder of how MonsterHut was disconnected from their ISP.
This discussion has been archived. No new comments can be posted.

NY AG Sues MonsterHut Over Marketing Spam

Comments Filter:
  • by stoolpigeon ( 454276 ) <bittercode@gmail> on Wednesday May 29, 2002 @11:15AM (#3602067) Homepage Journal
    It is about time some of the cost associated w/spam got moved to the spammer. More of this can only be a good thing. If it gets too expensive, maybe it will slow down.

    I do worry though about legal remedies just moving the problem to where the laws don't exist.

    • I do worry though about legal remedies just moving the problem to where the laws don't exist.

      So do I. Unfortunately I don't think that the proper solution, vigilantism (stringing up spammers, beating and killing them brutally) will be smiled upon by the courts.
    • but close. The goal is to make it cost the spammer more to spam than it costs us to litigate.
    • Jurisdiction issues (Score:3, Interesting)

      by hillct ( 230132 )
      If the recent internet Libel case goes to verdict, it may impact the power of current anti-spam laws as well. If it turns out that people can be sued for libel in the jurisdiction where internet content is being viewed, it then follows that spammers can be sued for breakage of anti-spam laws in the jurisdiction where the spam is recieved. Only time will tell how this will paly out but there is a silver lining to everythnig, if you look hard enough.

    • How many times have you been up at 5am watching one of those goddamn Make Millions In Months info-mercials? Many of those stupid programs are merely spam factories. Those "millions of _eager_ consumers waiting for you to show you your product" DON'T GIVE A SHIT ABOUT YOUR PENIS PILL. We need to shut these people down FIRST. Get at the root of the problem, otherwise Joe Sixpack is still going to think it's OK to bother his friends and neighbors with claims of penises the size of trash cans.
      • The infomercials about growing your penis are paid for by the advertisers. It also doesn't cost you anything to receive them. -- and you can program your TIvo to skip over them late at night (when most of them are on).

        I have no problem with the infomercials, because they don't pretend to be anything else, and they don't fill up my mailbox, and they don't cost me more than the cost the person who paid to put them on the TV station.

        Besides, if you actually sit up at 5AM watching one of those things, then you obviously don't have anything better to do, so they're providing you a service .. (at the very least, they're helping to pay the TV station for the costs of broadcasting 'buffy'.)

        • SPAM is the equivalent of your TIVO recording infomercials for you. You can delete them if you want, but they still take up space, and you didn't ask for them.
  • by Anonymous Coward on Wednesday May 29, 2002 @11:21AM (#3602097)

    Spitzer Says Company Sent More than 500 Million Unsolicited Messages to Consumers

    Attorney General Eliot Spitzer today filed a lawsuit against a Niagara Falls-based "spammer" that sent hundreds of millions of emails to consumers whom it falsely claimed had requested the emails.

    "Every day New Yorkers are being inundated with unsolicited commercial emails, or spam," Spitzer said. "Some of the spam is a vehicle for fraud, some of the spam is inherently fraudulent, and much of it constitutes a real annoyance for email user. This lawsuit is the next battle in our continuing fight against online fraud, and an attempt to help consumers maintain control of their email in-boxes."

    MonsterHut, Inc., its Chief Executive Officer Todd Pelow and its Chief Technical Officer Gary Hartl, are accused of fraudulently advertising and representing the company's email marketing service as "permission based" or "opt-in," meaning that every consumer to whom they send commercial email has explicitly asked to receive it. In fact, the suit alleges, the company's email lists are only partly "opt-in," and include many consumers who never asked to receive email from the company. The suit also alleges that this false representation of MonsterHut's business practices enabled the company to profit through the deception its Internet access provider, its own paid advertisers, and consumers at large.

    The suit alleges that since March 2001, MonsterHut has flooded consumers' email in-boxes with more than 500 million commercial emails, advertising a variety of goods and services. At the same time, negative consumer response to MonsterHut's spam has been overwhelming. More than 750,000 consumers have requested to be removed from MonsterHut's mailing lists, and tens of thousands have complained to MonsterHut's internet access provider, PaeTec Communications, Inc., of Rochester.

    Earlier this month, PaeTec cut off MonsterHut from its network, after a New York appeals court held that MonsterHut had violated an anti-spamming provision in its contract with PaeTec. However, nothing in that decision prevented MonsterHut from spamming consumers through another internet service provider.
    "We are seeking to prevent MonsterHut from continuing its fraudulent, deceptive and illegal practices, not just over PaeTec's network, but over any ISP in New York," Spitzer said.

    The Attorney General is seeking a court order to:
    • Enjoin MonsterHut, Pelow, and Hartl from falsely representing the nature of their unsolicited commercial email;
    • Require MonsterHut, Pelow and Hartl to disclose how it obtained all the consumers' email addresses; and
    • Require MonsterHut, Pelow and Hartl to pay civil penalties and court costs for its violations of New York's consumer protection laws.
    This case is being handled by Assistant Attorney General Stephen Kline of Attorney General Spitzer's Internet Bureau
  • SPAM (Score:2, Insightful)

    by coryboehne ( 244614 )
    No, not the canned mystery meat, the junk e-mail that clusters my inbox everyday. I really hope this case will set a precedent that will deter the 25 or so people that seem to like to spam my account with their 'earn 10,000 a day', 'make your penis larger', 'diet now, lose 100 lbs a day and get paid $1 a pound', etc. I am truly sick of this shit, and I hope that someone gets the message. Of course the trick is to make this non-profitable, either by suing them blind, or by simply not responding to any of these e-mails. Keep in mind that the only reason that they don't do this via snail mail (aka: USPS) is because it actually costs money to mail a letter via this means, otherwise you would find it necessary to have a mailbox 4' X 4' X 6' and it would still be overflowing after 2 days.
    • Hormel gets pissed if you called unsolicited commercial email "SPAM" because that's their trademark. They have however given their blessing to the use of "spam".
  • Micropayments (Score:5, Interesting)

    by ldspartan ( 14035 ) on Wednesday May 29, 2002 @11:24AM (#3602110) Homepage
    It'd be really cool to see mandatory micropayments for UBE - I would be willing to accept the extra load on my mailservers if I know I was making a tenth of a penny per message.

    Hell, running an open relay would rapidly go from moronic to profitable :).

    • Hell, running an open relay would rapidly go from moronic to profitable :).

      You're only half right. I would describe this as profitable stupidity - getting paid to be stupid.

  • by Jucius Maximus ( 229128 ) <m4encxb2sw&snkmail,com> on Wednesday May 29, 2002 @11:25AM (#3602118) Journal
    There needs to be a law in the United States outlawing spam.

    All the logic is there an the anti-junk-fax laws. It just needs to be applied to e-mail. This way it would be much easier to prosecute groups like monsterhut.

    • There are state laws against phone solicitation (Kentucky has a state-wide "No Call List" that if your name is on it and you get a call, they are sued by the state). They just need to make these "No Call Lists" extended to email.

      I'm a minority. I don't mind spam as long as it targets me, personally. I don't mind wading through spam about PC games, or cheap computer components. I do mind emails from Jenna and her sorority sisters telling me how they'll get naked if I click this link.
      • Can you even imagine giving a kid an email account these days? I can't believe I'm actually saying this, but...if I had an 8 year old (which I don't), would I let that child have an email account? No way. Any leakage of that email address could result in my child having horse p0rn after horse p0rn email. And if she checked her email without me having a chance at it first, it could slip through.
        We need another email system. We need a system that uses technical solutions to make spam identifiable, early on in the chain. Systems should not relay spam, period. You're either participating in the transparent email relay system or you're not. Email that goes through shadows should be marked as such. We only need a few of the very big guys to provide, as a choice to their users, the ability to opt into the safe email system.
        When I receive email on one of my older accounts, the first thing I do is highlight everything, then pick and choose through the subject headers for what's relevant. Usually I'll find two real emails out of about 30.
  • by Erasmus Darwin ( 183180 ) on Wednesday May 29, 2002 @11:26AM (#3602122)
    Personally, I'd like to see perjury charges brought against the individuals who lied under oath ("All our addresses are opt-in. Honest!") in order to obtain the infamous injunction that prevented Paetec from TOSing Monsterhut.

    On a sidenote (with regard to the quest for the email address source), it's fairly common knowledge (enough so that Paetec mentioned it somewhere on litigation.paetec.net [paetec.net] back when they were soliciting affidavits from spammed parties) that a number of the addresses used came from WHOIS records.

    • by Skapare ( 16644 ) on Wednesday May 29, 2002 @04:51PM (#3604895) Homepage

      Paetec made the mistake of agreeing to contract terms that specified that if 2% (I think that was the figure) of the addresses were found to be non-opt-in, that this would be an acceptable margin of error. Presumably MonsterHut would have removed them from the list if asked. Even in the worst case of assuming that every complaint was one of those non-opt-in addresses, the complaints would have had to reach the level of 2% for Paetec to disconnect them under terms of the contact. It's that contact that allowed MonsterHut to get the injunction. MonsterHut didn't need to say that 100% were opt-in ... it only needed to say that 98% were opt-in, and Paetec didn't have enough numbers to prove that more than 2% were genuinely non-opt-in, at least not initially.

      Paetec made some legal blunders. The rest of us can learn from their mistakes. I'll give Paetec the benefit of the doubt for being fooled in this case. A future company will not get that from me.

      One step an ISP can do (if they didn't stupidly sign away any rights to do this) is to put the spammer on static IP and set up reverse DNS to name them with the spammer's domain name. Then I can block the spammer without blocking the ISP, regardless of the stupidity of the ISP's lawyers. And this is my common practice ... I block just the spammer if they are in reverse DNS identified static addresses. And I block them by their domain name, so if they move, even to another ISP, they are still blocked. They have to change domain name to evade this (and I'm sure many have).

      Also, I do all my anti-spam blocking at the server during the SMTP session. I don't want their spam in my servers, and I don't want rejection notices to sit undelivered for days, either. By stopping spam before the mail is delivered, it doesn't get queued and the sending server has to deal with the rejection (but there is still a rejection in the cases of legitimate mail getting caught so the sender at least knows something happened, and can look for a way around).

  • Monster Hut (Score:3, Funny)

    by tps12 ( 105590 ) on Wednesday May 29, 2002 @11:26AM (#3602126) Homepage Journal
    Monster Hut makes the best monsters. I love their personal pan monsters, and their deep-dish Chicago style monsters, also. Great for parties. The crispy thin-crust monsters are also good, if you like a nice New York style monster. A slice of their leftover monster also makes a great breakfast. I like to order a medium monster with pepperoni and peppers and olives. This is enough to feed me and my girlfriend (who also loves monster), plus leaves a little leftover for the next day.
  • Cell phone spamming (Score:5, Interesting)

    by FatAlb3rt ( 533682 ) on Wednesday May 29, 2002 @11:29AM (#3602138) Homepage
    ...came to my attention last week when my wife signed up for text messaging for her cell phone. Her plan allows the first 100 messages each month free, with extras for an additional price after that. What happens if (when) that number gets on spam lists it can be sent in the form of an email, ie, cell-number@provider.com? At the rate I get spam in my inbox, surely she'll run over the 100 limit, and it WILL cost me money to receive spam. Surely there's cause for recourse at that point?

    Wouldn't be too hard to take the ball and run with this one. Get on the message boards and put your number in your sig. Too bad I don't have the time or resources to do it.

    • by BagOBones ( 574735 ) on Wednesday May 29, 2002 @11:34AM (#3602181)
      That happened to me already.. My account came with e-mail at 10 cents Canadian a message.. but all the e-mail addresses on the network where the same format areacode-phonenumber@companyname so a marketing CO just started randomly e-mailing addresses because they could easily guess valid adressess.. I had to quickly remove the e-mail option from the phone because the charges stated to add up fast... When I asked the phone company if they could block or filter such messages.. they said there was nothing they could do.. I no longer have e-mail on my phone because of stupid SPAMERS!
    • Most cellular plans in the US charge a fee for messages to a cell phone. This would result in a direct out of pocket expense that the consumer can see every month on thier phone bill. Junk email to your ISP costs money but it is not reflected directly in your monthly bill. Both cost money and resources that the consumer MUST pay for. I have not received SMS or email spam to any of my cell phones yet. When (not if) it starts it will be a royal pain in the a$$ and I will have to cancel the service completely. Laws for spam will not change until the increased cost is directly visible by the consumer.
  • I hope there is a lot more cracking down on this method of marketing. I've always wondered why it works for them in the first place? Seriously, why do they think that if they keep sending me five copys of the same email EVERYDAY, eventually I will answer? Or why would I answer if they use a completly misleading subject line so that it gets through my filters? They say that they are complying with whatever laws apply by giving you an email address to be removed, but it you mail that, it's either not a valid email, or they just sell your email to others, and you get tons more emails. Obviously some people must answer these emails, but I don't understand how it would ever be worth the cost of thier investment.
    • Seriously, why do they think that if they keep sending me five copys of the same email EVERYDAY, eventually I will answer?

      If you didn't reply the first 100 times, maybe you'll reply on the 101st. Remember, a spammer might have paid good money ($0.000001) for your email address and when you don't reply he's forced to eat the loss, damn it. And when you're running a prestigious nonaccredited university, every microdollar counts. So it's quite cost effective to hammer you with the same spam using a hundred different subject lines because someday you might go crazy and decide you do need a larger penis (or that you have a penis to enlarge at all), which would give the poor guy a return on his investment.

      Why 5 duplicates? Most of the real money in spam comes from selling your list of addresses, because that's the only thing a spammer has to sell. (It's the only thing he pays for besides the throwaway dialup accounts, cable modems, address harvesting software, and sex, and none of those has a comparable resale value.) A spammer typically runs around buying or stealing all the lists he can find from other spammers, so he can compile them into one big list and resell it to other spammers. He obviously can't be bothered to remove duplicates, because 1. that would require him to use his own computing resources, which is forbidden in the spam business, 2. the guy he bought his lists from didn't bother to remove the duplicates, so why should he remove them from the compiled list he's selling? and 3. when you remove duplicates the list gets shorter and commands a smaller price, so what's the motive in doing it anyway? To avoid pissing off the recipients? Ha, ha, ha, ha. A list of 1,000,000 email addresses in which each address is duplicated 5 times will sell just as easily as a list of 1,000,000 addresses with no duplicates. In fact the difference between "200,000 email addresses!" and "1,000,000 email addresses!" is usually four Control-Vs.

      Or why would I answer if they use a completly misleading subject line so that it gets through my filters?

      Why would you answer if they used a subject line that doesn't get through your filters?

  • by R2.0 ( 532027 ) on Wednesday May 29, 2002 @11:32AM (#3602162)
    The only thing stopping the AG's and other law enforcement is a lack of imagination, not a lack of laws. If spam is fraud, pursue it as fraud. If someone is violating copyright, go after the individual. How freaking hard is it?
    • You make some good points, but forget some important ones as well. Sure there's lots of existing laws that could apply, but the problem in a lot of cases is tracking down the offenders, and even then there's so many of them that the manpower to prosecute them is ridiculous.

      SPAM and internet scams operate on a different scale than anything before. I probably get no less than 150-200 SPAM emails a day. Assuming they all from different senders, and are all fraudulent (which I realize is quite an assumption) let's figure out just how much time/money it would take to prosecute them all. Let's say for arguments sake that it takes 15-20 hours to collect information, and find the person to prosecute in the first place. Then let's suppose there's another 200 man hours involved in bringing this to trial. Including the judge, attorneys, etc this is probably a conservative estimate. Now let's suppose each of the people along the way (two attorneys, judge, technician to collect evidence) are making $40,000 each of taxpayer money, again that's probably conservative. Using the above estimate of 220 man hours per spam, that gives us a cost of $4230. Seems to me that's probably on the low side. Multiply this by the 200 messages a day I'm getting, and WOW $846,153 to prosecute the senders of one days worth of spam for one user. That's a lot of money.

      All the laws in the world won't help with this problem. So long as the system is designed to allow the amount of spam that's out there, there's not much laws can do to change it. We need to either change the system so it costs the senders to spread around thousands upon thousands of emails, or find some other way to penalize without involving the already overburdened, underfunded, bureaucratic legal system.
      • You are doing something really stupid, or people who dislike you are putting you on spam lists.

        I regularly post to usenet groups and mailing lists with my real address and conduct business online with it as well.

        At most, I've received 20 spams in one day. The average is 3-6. 90% of these are caught by filters.

    • I think with fraud, one must prove intent. Some spammers can claim ignorance, and then the burden of proof is on the prosecutor to prove otherwise, or else the case gets thrown out. If you make merely the act of spamming illegal, regardless of intent, suddenly that is a non-issue, and prosecuting spammers has become that much easier.

  • by Alien54 ( 180860 ) on Wednesday May 29, 2002 @11:32AM (#3602163) Journal
    Mr Spitzer's lawsuit against Niagara Falls-based MonsterHut.com accuses it of falsely telling clients that it sent the e-mails with consumers' consent. Under New York state's advertising laws, the company could be ordered to pay a $500 (£342; 538 euros) penalty for each unsolicited message.

    I am "simply shocked" that a company would tell such lies to it's customers.

    Thank God that we don't know of any other companies that would do something like that.

  • My spam has been going up over the years, using the same email for 5+ years, seems to do it. And Im a busy Internet poster, and active on mailing lists and online BBS boards, so it compounds matters.

    Topics lately that have passed my spam filters, "Your Bill", My Name correctly(most spam dont use names, just email addresses), Actual products that I use, (someone must of sold my email address), Mailing list type headers (vnc/linux kernel/etc).

    Funny thing, some mailing lists are tagged as spam, like IGN computer news, which I had to tag as good. Spam takes way more of my time than it should. I know for sure, I havnt opt'ed in for anything, and "Opt-Out" is a fucking joke.
    • I NEVER get spammed as a result of postings on usenet. I have my newsreader setup up to show my e-mail addy as phony_username@

      I figure the spammers can clean the trash out of their OWN mailserver's queue, thank you very much.

      The way I DO get spammed is from postings to mailing lists and groups on Yahoo, where I don't have any control over the information disclosed in a message's headers. I've stopped doing that. Additionally, I read my mail with KMail which allows me to "bounce" messages from spammers. That usually tells them my address is invalid, even though it's not.
      • Can anyone tell me the origin of that type of address? I have NEVER found a mail server that liked it. For example, here's Exim's error message:

        This message was created automatically by mail delivery software (Exim).

        A message that you sent could not be delivered to one or more of its
        recipients. This is a permanent error. The following address(es) failed:

        unrouteable mail domain ""

        So, if it's not a legal address, why do so many think that it is?

        Very curious.
        • Because it's legal. "" is a reserved number that indicates the local machine. It's commonly known as loopback.

          So the mailserver tries to send it to itself, realises it's not supposed to recive addresses from there and spits back an error.

          If you have control of a nameserver you can make a domain resolve that way and then the spammers can't detect it as easilly.(potentially more fun)

          • That cannot possibly be right. I just send a mail to pppp@localhost and the thing worked just fine. localhost resolves to

            OK, another test. A mail to slashdot-1@pdrap.org works just fine. (I've blocked that address because spammers found it a while ago). But, a mail to slashdot-1@ does NOT work.

            So, your explanation doesn't fit the observed facts.

            What am I missing?
        • i think you need brackets -- foo@[] -- for this to work.

        • It not going to work for email, but news readers usually allow you to specify anything for your return address.

          Besides, chances are you don't want to mislead people as to what your reply address is if you're sending them email

          Unless, of course, you're a spammer!

      • My moz newsreader is setup to give my email address as "no.spam@here.dude"
    • My spam has been going up over the years, using the same email for 5+ years, seems to do it. And Im a busy Internet poster, and active on mailing lists and online BBS boards, so it compounds matters.

      I've had my email address for a while, but what I do is, once in a while, I go on a hunt-and-kill binge.

      I've stopped trying to track down where spams are coming from. I just follow the links to the web sites that they link to and contact the ISP to have them shut down. After each hunt-and-kill binge, my spam seems to quiet down quite nicely.

      Spam sources are a bitch to track down, and a dime-a-dozen. On the other hand, spammers need consumers to be able to contact them, and web sites take some work to set up. If you shut down their web sites, it actually costs them money.

      • True, I started looking at where the spam is coming from, and I noticed alot of webservers for the opt-out pages are names like, cs-1.foo.bar, h341lp.foo.bar, blblb.cs02.bar, lots of names that are just setup for spam. I think some of them, at least 20% are from the same company, just different domains. The websites for opt-out have the same look too.

        I think Ill write a spam tracker, some kind of spam database, track the headers, do an ISP search, state search, and find a nice pattern. Wonder if any of the larger spam black lists do this already. A hit list of spammers ISP.
  • Declare the internet the 'land of the free'.

    Instead of calling it your 'inbox', it's now your 'american spirit'.

    Those dirty emails you send to your wife are now 'vital communications of the heart'.
    Your mom nagging you to visit her more often are 'sincere messages from the home front'.

    Once we make spam a terrorist act only terrorists will send spam! U-S-A! U-S-A!
  • Would be nice if spam companies such as this who periodically engage in widespread consumer fraud could, by court order, have all assets liquidated and the funds distributed to a state task force designed to root out further spam comanies. If this isn't serving the public, I don't know what is.

  • by FuddChuckles ( 581257 ) on Wednesday May 29, 2002 @11:54AM (#3602296)
    Yes, kudos to Mr. Spitzer for finally doing something about spammers. His litigation may make some of the more egregious, mass spammers think twice before trying to force-feed our Inboxes with herbal viagara and penny stocks.

    But here is the HOWEVER.

    With technology regulation a) not particularly well defined on the books, and b) almost always implemented the *wrong* way (DCMA?), I have little doubt that many legitmate newsletters and mailing lists will get hit by Mr. Spitzer's shrapnel. There are plenty of Attorneys General out there who are not quite so intelligent as sheep (let alone, Mr. Spitzer), and will follow New York's example to the detriment of legitimate mailers.

    Damn. Another message for teen sex in my Inbox. Heck, maybe it's worth it....

  • I've had them blacklisted for a couple years now. I wish other states would jump on the bandwagon. These SOBs deserve to pay. They should be forced to read every piece of spam they ever sent out I think. That should keep them occupied for a few life sentences.
  • Thank god for Elliot (Score:5, Interesting)

    by Anonymous Coward on Wednesday May 29, 2002 @11:59AM (#3602323)
    I am a New York State resident and I must say that Elliot Spitzer has been nothing short of wonderful when it comes to protecting the consumer.

    First it was unsoliticited phone calls (we were one of the first states to set up a no-call list). Now I recieve maybe 1 unsoliticited call every 2-3 months instead of 1 or 2 a day (and at dinner time.... arrrrgggg).

    Then it was dissent on the microsoft case. In all likelyhood, New York State served as a keystone for the 9 dissident states.

    Now we've got Spitzer battling the evil spam demons. My guess is that once again, Spitzer will come out on top.

    Spitzer is a definately a defendant of consumer rights and privacy and has been unwavering in his cause.

    my .02
  • by EricHsu ( 578881 ) on Wednesday May 29, 2002 @11:59AM (#3602326)
    The main problem with spam is fraud and not its unsolicited nature. Okay, we're all geeks on this bus, so we're angry if we people violate the boundaries of our computer in some unsolicited way (I know it, I feel it too). But there's a difference between getting unsolicited mail from, say someone who's interested in a band you wrote an online review about, and some anonymous mailbot trying to scam you.

    The problem is fraud. (1) Spammers forge return-addresses and lie in their subjects to trick you. This makes it hard to weed out unwanted mail. (2) Practically all spam comes from fraudsters. Spam is so despised as a marketing tactic that it cannot be used (openly) regularly by legitimate businesses without them getting a lot of flak.

    I hate spam. It drives me crazy. But I believe we will never fully get rid of it, because it makes money. And there may truly be compelling free speech reasons that keep us from banning it (I'm not decided on this point).

    But I think three steps would take most of the pain out of spam for me.
    1. Spammers who are criminals (stock-pumpers, penis-mightiers) get arrested and deterred/reformed. The NY AG move is a much-needed start.
    2. Spam must be given a proper subject like "ADV:", and need a legitimate return address. Violators are subject to large fines and jail.
    3. Spammers need to pay for all their bounced mail. Not sure how to enforce this, but it would make me feel better.
    Once these things are true, maybe spam will reach the same annoyance level as junk mail in real life: annoying, but not obscene.
  • Since I've added a LART list of IP addresses and domains, per SPEWS, i've seen a nice decrease of UCE coming directly to me.

    2002-05-01 09:37:21 recipients refused from [] (RBL relays.ordb.org)
    2002-05-05 07:49:48 recipients refused from [] (RBL relays.ordb.org)
    2002-05-07 00:18:46 recipients refused from cis-ns.careinfo.co.jp [] (RBL relays.ordb.org)
    2002-05-09 02:49:48 recipients refused from [] (RBL relays.ordb.org)
    2002-05-13 13:14:06 refused relay (host) to from H=nat170.63.mpoweredpc.net (none) []
    2002-05-15 18:06:36 recipients refused from [] (RBL relays.ordb.org)
    2002-05-15 23:36:06 recipients refused from w045.z208037064.nyc-ny.dsl.cnc.net [] (RBL relays.osirusoft.com)
    2002-05-15 23:58:10 recipients refused from [] (RBL relays.ordb.org)
    2002-05-16 20:33:15 recipients refused from [] (firewall-user) (RBL relays.ordb.org)
    2002-05-17 04:01:57 recipients refused from [] (firewall-user) (RBL relays.ordb.org)
    2002-05-18 19:16:22 recipients refused from [] (RBL relays.osirusoft.com)
    2002-05-19 11:36:51 recipients refused from [] (firewall-user) (RBL relays.ordb.org)
    2002-05-21 23:41:55 recipients refused from [] (RBL relays.ordb.org)
    2002-05-24 06:53:23 connection from outmta016.topica.com [] refused
    2002-05-24 06:53:54 connection from outmta016.topica.com [] refused
    2002-05-24 07:41:45 connection from bso002.topica.com [] refused
    2002-05-24 08:33:05 connection from bso002.topica.com [] refused
    2002-05-24 09:35:23 connection from bso002.topica.com [] refused
    2002-05-24 10:46:02 connection from bso002.topica.com [] refused
    2002-05-24 12:17:27 connection from bso002.topica.com [] refused
    2002-05-24 14:19:49 connection from bso002.topica.com [] refused
    2002-05-24 16:23:14 connection from bso002.topica.com [] refused
    2002-05-24 19:01:45 connection from bso002.topica.com [] refused
    2002-05-24 21:31:16 connection from bso002.topica.com [] refused
    2002-05-25 00:07:19 connection from bso002.topica.com [] refused
    2002-05-25 05:29:37 recipients refused from www.shinohara.com [] (RBL relays.ordb.org)
    2002-05-25 16:22:30 recipients refused from [] (RBL relays.osirusoft.com)
    2002-05-28 04:37:49 recipients refused from h-64-105-76-95.nycmny83.covad.net [] (RBL relays.ordb.org)
    2002-05-29 08:22:41 recipients refused from [] (RBL relays.ordb.org)

    So you can see I'm rejecting mail per relays.osirusoft.com and relays.ordb.org. My LART list is pretty big, too. But that's just for a small mail server.

    If you apply similar rules to a multi-hundred or multi-thousand user system, you can really cut down on tons of UCE. Combine it with spamassassin and UCE will almost never get in your inbox.
  • by Seth Finkelstein ( 90154 ) on Wednesday May 29, 2002 @12:01PM (#3602336) Homepage Journal
    There's a great deal of useful information in

    Spamhaus.org records about MonsterHut [spamhaus.org]

    It includes such gems as

    MonsterHut's PR [spamhaus.org]


    Whine: MonsterHut Letter to Spam Clients [spamhaus.org]

    (scroll down - the header index is identical for these links, but the material below is different)

    Definitely worth looking over, for a profile of a spammer.

    Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

    • (somewhat ot, but funny how someone who is a "master of marketing" yet doesn't even understand 4th grade english)
      From the PR link you posted (emphasis mine):
      The quality of the design and graphic arts department here at MonsterHut is unsurpassed by no competitor.

      So, given the double negative, does that mean that the graphics arts department at MonsterHut is surpassed by all competitors? heh.
  • No more laws please (Score:3, Interesting)

    by Sell0ut ( 231418 ) on Wednesday May 29, 2002 @12:01PM (#3602339)
    What good is governement if they want to govern me? (pennywise)

    If we want the government to stop trying to creake things like mandatory age checks before accessing adult material, then we need to stand up and tell them not to create spam laws either.

    It is a problem that can be solved technically. We should strive to find better technical solutions instead of finding ways to sue them.
    • Did you even read the article? Hell, did you read the synopsis?

      The answer is obviously no.

      There's nothing about creating anti-spam laws. It's about prosecuting someone under existing fraud and consumer protection laws.

      You want technical solutions? Sure, whatever. They don't work. They'll never work. There will always be open relays out there to abuse, and even if you block them the bandwidth is being consumed. So you haven't solved the problem - you've just masked it.

      The only hope is to use existing, rock-solid laws such as those stated above, to prosecute spammers into oblivion. If successful, MonsterHut is facing several billion dollars in fines, and I seriously doubt that the CEO or CTO will be able to hide behind the corporate veil on this one. Push them out of the US and other leading countries and they'll wind up with no bandwidth to do this kind of thing. Then your technical solutions can come to bear - countries without laws? Blackhole them. Then they'll pass laws and throw out the spammers, or relegate themselves to the 19th century.

      Government is supposed to look out for it's citizens. This is a fine example of it doing exactly that instead of protecting the corporate entity.
      • In theory, I could operate a "successful" SPAM-sending outfit if I observed the following precautions:
        • Don't commit fraud (by sending fraudulent emails).
        • Don't commit fraud (by lying about the nature of your service).
        • Don't commit fraud (by lying about the source of your database).
        • Don't email people in Washington State or Minnesota (the only places I know of offhand with anti-spam laws on the books).
        • Don't violate my TOS (this could be tough, gotta find a dumb ISP...).
        • Don't send adult material (just to be on the safe side; don't want to get nailed for sending pr0n to kids).

        Essentially, I'm safe if I advertise my services as:

        SuperSPAMmers, Inc. will send out 100K emails to unsuspecting victims, whose emails we scraped off publicly available websites, as long as the message to be sent is in no way fraudulent or contains adult material.

        And the "privacy policy" says nothing about getting off a list or stopping the flow of mail.

        ...at least according to what was in the article. Doesn't look like there's anything else that they can prosecute.
      • There's nothing about creating anti-spam laws. It's about prosecuting someone under existing fraud and consumer protection laws.

        I think that this is very good. and it sets a good precident. We don't need more laws to control the garbage that goes on on the internet. We simply need more inventive ways of enforcing the laws that already exist.

        Monsterhut should not only be sued for misrepresenting customer consent to recieve the emails -- they should also be sued for misrepresenting where their email came from. Fraudulent headers are just that -- fraudulent. They should be attacked in the same lawsuit, and also prohibited.

    • Why not? Supporting some laws and opposing others does not necessarily make us hypocrites.

      That is what the system is supposed to provide. A way for people to get governance that they want, and vice versa.
  • NY == USA? (Score:3, Interesting)

    by SanLouBlues ( 245548 ) on Wednesday May 29, 2002 @12:03PM (#3602358) Journal
    Okay, Niagra Falls is in NY so suing is cool, but 500 million emails to just New Yorkers? Of course if all of the 19 million people (last census) in New York state received an equal number of emails that would make about 25 per person which seems reasonable, but if we extrapolate that same rate to the 280 million in the US they sent about 7.5 billion emails from March last year to April when they were cut off. (Think about it, the extrapolation is reasonable) At a very conservative 1kB per html-email this makes about 7.5 terabytes of data they've sent in a little more than a year. Which makes about 20.5GB of email a day. That seems like a bit much to me.
    This is all mental math, so please correct me if you've got the time.
  • by billtom ( 126004 )
    It seems to me that the answer to spam is whitelists. I find I get very little non-spam from people who aren't in my address book (you just have to be diligent about keeping your whitelist up to date).

    I realize that some people do have a different email usage pattern and do get lots of mail from new senders, but then you could just use an "ask for confirmation" style whitelist filter.

    Is there some reason why whitelists aren't more popular (aside from the fact that it's not the default configuration of Outlook [Express])?

    • Aside from the reasons mentioned from the above reply, you can also get email from unknown addresses if you're applying for a job. Finding a job is (apparently) difficult enough these days without possibly bouncing email messages from a potential employer.

    • Because... (Score:2, Insightful)

      by schon ( 31600 )
      It seems to me that the answer to spam is whitelists. I find I get very little non-spam from people who aren't in my address book (you just have to be diligent about keeping your whitelist up to date).

      If a whitelist is the solution, you don't understand the problem.

      A whitelist is pretty much like "bolting the barn door after the horses have eaten your children." You're basically just closing your eyes and saying "I don't see it, so therefore it doesn't hurt me."

      Spam has two problems, and the concept of a whitelist (or email client "spam filter") only covers one: the nuisance factor (it's a pain in the ass to wade through all this spam.)

      The second, much worse, problem is that spam costs the recipient money. Bandwidth isn't free - it costs money.. even if you don't directly pay for bandwidth, your ISP does, so it costs them money, which they charge to you (even if you don't see it broken down in your monthly bill.)

      Any client-based anti-spam "solution" (such as your whitelist) is ignoring this: the bandwidth has already been consumed by the spam, so it's already been spent. Rejecting the email AFTER it's been delivered to your server only means that you don't see it - it doesn't mean that you're not paying for it, and THAT is the biggest problem with spam - you're paying for something you don't want.
  • For those who inforce the law. It seems as though so much time and energy has been spent as of late in the courts to protect big business (read RIAA) from the actions of people (read us).

    It's about time the courts were used, en masse, to protect people (us) from the fradulant actions of business (monsterhut and others).

    In a free market, business is supposed to be at the mercy of the consumer. We keep the government around to pass and enforce laws when that does'nt happen. It really does make me feel good to see the NY AG doing it's job.

  • Hmmmm according to Spamhaus their servers were put under lock and key when PaeTec TOSed them. Hmmmm i wunder how much they want for their equipment.. I could use some of their parts, or they could be put to good use in a RTCW or a Q3 extreme server for that matter. :D
  • by fermion ( 181285 ) on Wednesday May 29, 2002 @12:39PM (#3602605) Homepage Journal
    Unsolicited email is bad, but the problem is proving an email is unsolicited. I am supposedly on some many valid lists it is unbelievable. I have registered a fresh name, used it to complain about an email, and have been told the new registered address was listed on their opt-in list. When I complained to all the various agents, no one did anything.

    No, this current approach is a losing battle. What we must have is transparency. The Spammer cannot be allowed to use fake email addresses. I have complained about commercial emails with fake addressee, and the providers refuse to do anything. There must be an opt-out link or email address that is in the same domain as the from and return address. These address must be in the owner domain, and not Yahoo, Hotmail, or whatever free service they use for one time addresses. The subject line must clearly identify the company being advertised. If the email is to a website, the website must have an email link, and, if it is a DBA, must have a link to the corporation or person.

    These guidelines will create a proper and honorable two-way communication. There are companies like (I think) Virtual Holdings that cowardly hide behind fake addresses and do not even put a real address on their domain registration. They keep their costs down by hiding behind fraudulent websites that do not have a single method of communicating with the owner. It is the highest form of arrogance that they think they have the right to spam us, but we don't have the right to spam them.

    I know it has been said before, but let me say it again. Get a free email account. When you get a spam, especially with a fake email, look up the registration for the websites advertised. Look up the registration for the DNS providers. Send an email to every address you can find stated how cowardly and dishonorable using fake email addresses is. Let them know we know they are vermin. You do not even have to include your own information, as you are complaining about bad netiquette, not Spam.

    • It's sites like Virtual Holdings that need to be shut down. I completely agree with you. They are *the* villian.

      Treat them as such.

      I've never supported or encouraged attacking(DoS) people like this, but dammit, someone needs to grab them by the balls and HURT them. figure out a way to run up THEIR bills. track theirs asses down and PROSECUTE THEM. Make it cost too much for them to continue doing what they're doing.

      I hope this AG nails monsterhut up by the gonads and not only runs them out of business, but sends the brainchild behind it to jail.

      /me deletes another 50 spams out of his account.

  • The California Attorney General's office now accepts spam complaints. [state.ca.us] But you have to print out a PDF form, fill it out, and send it back on paper.

    They accept non-spam complaints from a web form, so they know how to do it right. Clearly they're not serious about stopping spam, even though California has a strong anti-spam law, and the courts have ruled that it is valid. There haven't been any high-profile spam cases from the California AG yet.

    (There's a legal challenge to the California anti-spam law, but the spammer is losing. The California State Supreme Court recently decided that the California anti-spam law was valid (Ferguson vs. Friendfinder). Friendfinder may still try an appeal to the U.S. Supreme Court. But that has to happen soon, or the decision is final.)

  • We're never going to stop spam flat out, but I have started to take an agressive stance against spam during the last few days.

    First I grabbed a sendmail access database someone else was using as a base to start my anti-spam efforts from. To this I add domains from which I or a coworker received spam from. One spam and it's done. This list contains more than 9000 domains and IP addresses.

    Next I added ordb.org as an RBL. This has helped as well but has also exposed some of our clients as having open relays. I find it interesting to get a call insinuating the problem is with my mail server when the user has not even read the error message. (Which, as you may know, tells them to visit ordb.org to find out what the story is) It is frustrating to explain that I am not going to turn off my RBL because their mail server is incorrectly configured.

    I've been using the RBL for about 20 hours off and on and the access database for about two days. So far it has dropped 309 messages intended for a mail server with about 20 users on it.

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984